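import jwt from "jsonwebtoken";
import Member from "../../models/member.js";
import { connectDB } from "../../utils/mongoose.js";

// Profile fields a member may set on their own record from the request body.
// Anything not listed here is ignored, so the body cannot touch other fields
// (email, circle, contributionTier, ...).
const ALLOWED_FIELDS = [
  "pronouns",
  "timeZone",
  "avatar",
  "studio",
  "bio",
  "skills",
  "location",
  "socialLinks",
  "offering",
  "lookingFor",
  "showInDirectory",
  // NOTE(review): this looks like a payment-provider customer identifier;
  // letting the authenticated member overwrite it from the request body is
  // probably unintended — confirm whether it should be server-assigned only.
  "helcimCustomerId",
];

// Per-field privacy toggles. A body key `<field>Privacy` is stored on the
// member document as `privacy.<field>`.
const PRIVACY_FIELDS = [
  "pronounsPrivacy",
  "timeZonePrivacy",
  "avatarPrivacy",
  "studioPrivacy",
  "bioPrivacy",
  "skillsPrivacy",
  "locationPrivacy",
  "socialLinksPrivacy",
  "offeringPrivacy",
  "lookingForPrivacy",
];

const PRIVACY_SUFFIX = "Privacy";

/**
 * Resolve the calling member's id from the `auth-token` cookie.
 *
 * @param {object} event - h3 request event.
 * @returns {string} the `memberId` claim of the verified token.
 * @throws 401 when the cookie is missing, the token does not verify, or the
 *   token carries no `memberId`; 500 when the server has no signing secret
 *   configured (a deployment problem, not a client error).
 */
function authenticateMember(event) {
  const token = getCookie(event, "auth-token");
  if (!token) {
    throw createError({
      statusCode: 401,
      statusMessage: "Not authenticated",
    });
  }

  const secret = process.env.JWT_SECRET;
  if (!secret) {
    // Without a secret every token would fail verification; surface that as
    // a server-side fault instead of blaming the client's token.
    console.error("Profile update error: JWT_SECRET is not configured");
    throw createError({
      statusCode: 500,
      message: "Failed to update profile",
    });
  }

  let memberId;
  try {
    // NOTE(review): no `algorithms` option is passed; consider pinning it to
    // the algorithm used when the token is issued.
    const decoded = jwt.verify(token, secret);
    memberId = decoded?.memberId;
  } catch {
    // Signature mismatch, expiry, malformed token — all map to the same 401.
    throw createError({
      statusCode: 401,
      statusMessage: "Invalid or expired token",
    });
  }

  // A token that verifies but identifies nobody must not reach the database
  // as an `undefined` id.
  if (!memberId) {
    throw createError({
      statusCode: 401,
      statusMessage: "Invalid or expired token",
    });
  }
  return memberId;
}

/**
 * Translate the request body into a Mongo `$set` document.
 *
 * Only keys from ALLOWED_FIELDS are copied verbatim; keys from PRIVACY_FIELDS
 * are mapped onto the nested `privacy.<field>` path. Keys that are absent
 * (`undefined`) are skipped, so a partial body performs a partial update.
 *
 * @param {Record<string, unknown>} body - parsed, already-validated request body.
 * @returns {Record<string, unknown>} the `$set` payload.
 */
function buildUpdate(body) {
  const update = {};
  for (const field of ALLOWED_FIELDS) {
    if (body[field] !== undefined) {
      update[field] = body[field];
    }
  }
  for (const privacyField of PRIVACY_FIELDS) {
    if (body[privacyField] !== undefined) {
      const baseField = privacyField.slice(0, -PRIVACY_SUFFIX.length);
      update[`privacy.${baseField}`] = body[privacyField];
    }
  }
  return update;
}

/**
 * Project a member document onto the public profile shape returned to the
 * client. Deliberately omits password-like and billing fields.
 *
 * @param {object} member - Mongoose member document.
 * @returns {object} sanitized profile.
 */
function toProfile(member) {
  return {
    id: member._id,
    email: member.email,
    name: member.name,
    circle: member.circle,
    contributionTier: member.contributionTier,
    pronouns: member.pronouns,
    timeZone: member.timeZone,
    avatar: member.avatar,
    studio: member.studio,
    bio: member.bio,
    skills: member.skills,
    location: member.location,
    socialLinks: member.socialLinks,
    offering: member.offering,
    lookingFor: member.lookingFor,
    showInDirectory: member.showInDirectory,
  };
}

/**
 * Update the authenticated member's own profile.
 *
 * Responses: 401 (no/invalid token), 400 (body is not a JSON object),
 * 404 (member no longer exists), 500 (database failure), otherwise the
 * sanitized updated profile.
 */
export default defineEventHandler(async (event) => {
  await connectDB();

  const memberId = authenticateMember(event);

  // readBody yields undefined for an empty body and may yield a non-object
  // for other content; indexing those would throw a TypeError (→ 500).
  const body = await readBody(event);
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    throw createError({
      statusCode: 400,
      statusMessage: "Request body must be a JSON object",
    });
  }

  const updateData = buildUpdate(body);

  let member;
  try {
    member = await Member.findByIdAndUpdate(
      memberId,
      { $set: updateData },
      { new: true, runValidators: true },
    );
  } catch (error) {
    console.error("Profile update error:", error);
    throw createError({
      statusCode: 500,
      message: "Failed to update profile",
    });
  }

  // Checked outside the try so the 404 is not caught and re-thrown as a 500.
  if (!member) {
    throw createError({
      statusCode: 404,
      message: "Member not found",
    });
  }

  return toProfile(member);
});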